Beyond Trade Show Hyperbole: My RSA Wish List

With the Oscar award ceremony completed, the information security industry rolls out its own red carpet for its annual celebrity event, the RSA Security Conference, next week. I’ve written before about the pervasive “buzz” topics I expect to hear about next week. Here are 5 subjects I’d like to discuss:

  1. Security software architecture. Enterprise software is based on technologies like transaction processing, middleware, and web services that allow individual applications to integrate into an enterprise architecture. To gain scale and efficiency, the next generation of security software must be built on a similar software architecture foundation. IBM, McAfee, and RSA Security get this. So does Tibco, which is why it acquired LogLogic. Will any other vendors talk about security software architecture at RSA?
  2. Algorithms. I am convinced that the industry is moving to an information-based model featuring big data security analytics. That said, CISOs don’t want to collect tens of terabytes of security data and then try to figure out what to do with it. The key to security analytics is a combination of stream processing, machine learning, statistical modeling, and nested algorithms. There is a lot of academic research in this area but little commercialization. Will vendors like Boeing/Narus, HP/ArcSight, SAIC, and Splunk get into this level of detail, or hand out tee shirts instead?
  3. Visualization. Same thread as algorithms—security data visualization will move beyond pie charts and spreadsheets within the next few years. Oak Ridge and Pacific Northwest National Labs are doing a lot of work in this area. Will security vendors jump on the bandwagon?
  4. The security skills shortage. I admit that I’ve done a lot of research in this area so it is near and dear to me. Call me crazy but I believe this is a crucial issue that no one is talking about. I tried to do so myself but my proposal was rejected by the RSA mucky-mucks. This is not a sexy topic but an under-staffed, under-skilled cybersecurity workforce is as big a threat as anything.
  5. Hackers. This topic is better suited for Black Hat or Defcon but it should be an essential component of RSA as well. I expect cliché sound bites describing how hacking is no longer the domain of adolescent whiz kids a la Matthew Broderick in WarGames (1983). Everyone gets this by now. What they don’t get is who the hackers are, how they are organized, and why they do what they do.

Trade shows are trade shows, so you have to expect high-level conversations, marketing hype, and generous distribution of alcohol. I admit I enjoy the lighter side of RSA, but I hope that the fun and frolic is balanced by serious discussions on an increasingly ominous subject.
